Author: ed
Date: Wed Sep 21 13:02:43 2016
New Revision: 306099
URL: https://svnweb.freebsd.org/changeset/base/306099

Log:
  Fix misuse of the basename() and dirname() functions.
  
  These functions are allowed to overwrite their input. Pull a copy of the
  input parameter and call dirname() and basename() on that instead. Do
  ensure that we reload the pathname value between calls.

Modified:
  head/usr.sbin/bhyve/pci_virtio_console.c

Modified: head/usr.sbin/bhyve/pci_virtio_console.c
==============================================================================
--- head/usr.sbin/bhyve/pci_virtio_console.c    Wed Sep 21 11:59:52 2016        
(r306098)
+++ head/usr.sbin/bhyve/pci_virtio_console.c    Wed Sep 21 13:02:43 2016        
(r306099)
@@ -264,6 +264,7 @@ pci_vtcon_sock_add(struct pci_vtcon_soft
 {
        struct pci_vtcon_sock *sock;
        struct sockaddr_un sun;
+       char *pathcopy;
        int s = -1, fd = -1, error = 0;
 
        sock = calloc(1, sizeof(struct pci_vtcon_sock));
@@ -278,15 +279,24 @@ pci_vtcon_sock_add(struct pci_vtcon_soft
                goto out;
        }
 
-       fd = open(dirname(path), O_RDONLY | O_DIRECTORY);
+       pathcopy = strdup(path);
+       if (pathcopy == NULL) {
+               error = -1;
+               goto out;
+       }
+
+       fd = open(dirname(pathcopy), O_RDONLY | O_DIRECTORY);
        if (fd < 0) {
+               free(pathcopy);
                error = -1;
                goto out;
        }
 
        sun.sun_family = AF_UNIX;
        sun.sun_len = sizeof(struct sockaddr_un);
-       strncpy(sun.sun_path, basename((char *)path), sizeof(sun.sun_path));
+       strcpy(pathcopy, path);
+       strncpy(sun.sun_path, basename(pathcopy), sizeof(sun.sun_path));
+       free(pathcopy);
 
        if (bindat(fd, s, (struct sockaddr *)&sun, sun.sun_len) < 0) {
                error = -1;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to